Bug 1156410
| Summary: | curl does not allow explicit control of DHE ciphers | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Poole <mpoole> | ||||
| Component: | curl | Assignee: | Kamil Dudka <kdudka> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.0 | Keywords: | Reopened | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1156422 (view as bug list) | Environment: | |||||
| Last Closed: | 2014-10-24 13:06:49 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
*** This bug has been marked as a duplicate of bug 1066065 *** The upstream patch referenced in bug 1066065 already solves the problem you reported, in a portable way. There is no point in tracking this bug report separately. *** This bug has been marked as a duplicate of bug 1066065 *** |
Created attachment 950373 [details] Patch to add missing cipher names. Description of problem: curl has a list of ciphers that are not enabled by default that it adds to the library default selection in the absence of any explicit ciphers. /* following ciphers are new in NSS 3.4 and not enabled by default, therefore they are enabled explicitly */ static const int enable_ciphers_by_default[] = { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NULL_WITH_NULL_NULL }; Unfortunately these ciphers are not made available in the list of choosable ciphers and so cannot be explicitly selected for use. Version-Release number of selected component (if applicable): curl-7.29.0-19.el7